Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Check these Squid ClamAV log entries please

    Cache/Proxy
    5
    6
    3.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AR15USR
      last edited by

      I'm seeing entries below about not attaching to memory and versions being out of date. Also the clamav 200 & 204 messages. Are these all 'ok' or is something not working right here..

      
C-ICAP - Access Logs
Date-Time		Message
03.05.2016 19:45:19	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
03.05.2016 19:45:19	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
03.05.2016 19:45:18	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
03.05.2016 19:45:18	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
03.05.2016 19:45:17	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
03.05.2016 19:45:17	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
03.05.2016 19:45:16	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
03.05.2016 19:45:16	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
03.05.2016 19:45:15	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
03.05.2016 19:45:15	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
repeats…

C-ICAP - Server Logs
Date-Time		Message
30.04.2016 16:27:50	can't attach shared memory!Sat Apr 30 16:34:55 2016
28.04.2016 21:06:32	squidclamav.c(1704) dconnect: Thu Apr 28 21:06:32 2016
28.04.2016 21:06:31	squidclamav.c(614) squidclamav_end_of_data_handler: Thu Apr 28 21:06:31 2016
25.04.2016 15:39:10	can't attach shared memory!Mon Apr 25 16:19:05 2016
25.04.2016 14:44:56	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:44:56 2016
25.04.2016 14:33:05	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:33:05 2016
25.04.2016 14:33:00	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:33:00 2016
25.04.2016 14:32:56	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:32:56 2016
25.04.2016 14:32:38	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:32:38 2016
25.04.2016 14:23:50	squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:50 2016
25.04.2016 14:23:50	squidclamav.c(1704) dconnect: Mon Apr 25 14:23:50 2016
25.04.2016 14:23:48	squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:48 2016
25.04.2016 14:23:48	squidclamav.c(1704) dconnect: Mon Apr 25 14:23:48 2016
25.04.2016 14:23:48	squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:48 2016
25.04.2016 14:23:48	squidclamav.c(1704) dconnect: Mon Apr 25 14:23:48 2016
25.04.2016 14:23:47	squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:47 2016
25.04.2016 14:23:47	squidclamav.c(1704) dconnect: Mon Apr 25 14:23:47 2016

ClamAV - freshclam Logs
Message
bytecode.cvd is up to date (version: 277, sigs: 47, f-level: 63, builder: neo)
daily.cld is up to date (version: 21514, sigs: 90868, f-level: 63, builder: neo)
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
DON'T PANIC! Read http://www.clamav.net/support/faq
WARNING: Local version: 0.99 Recommended version: 0.99.2
WARNING: Your ClamAV installation is OUTDATED!
ClamAV update process started at Tue May 3 19:00:00 2016
--------------------------------------

      2.6.0-RELEASE

      1 Reply Last reply Reply Quote 0
      • A
        AR15USR
        last edited by

        Bump..

        2.6.0-RELEASE

        1 Reply Last reply Reply Quote 0
        • M
          maex
          last edited by

          I would like to know this, too. Please!

          1 Reply Last reply Reply Quote 0
          • kklouzalK
            kklouzal
            last edited by

            My C-ICAP logs are currently getting spammed with this junk:

            10.08.2016 19:56:35
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:27
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:24
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:17
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:17
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:16
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:16
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:16
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:16
127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.08.2016 19:56:16
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:16
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:15
127.0.0.1 127.0.0.1 REQMOD squid_clamav 204

            What's going on here? Access to some sites through the proxy server are also extremely slow. For example trying to load Microsoft.com takes upwards of 5 minutes for a page to load! other sites are lightning fast. Nothing disconcerting in the logs aside from this.

            1 Reply Last reply Reply Quote 0
            • Y
              yahav02
              last edited by

              SB can help???

              Date-Time Message
              10.12.2017 20:31:34 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
              10.12.2017 20:31:34 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
              10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
              10.12.2017 20:31:33 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
              10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
              10.12.2017 20:31:32 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
              10.12.2017 20:31:32 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
              10.12.2017 20:31:31 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
              10.12.2017 20:31:31 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204

              1 Reply Last reply Reply Quote 0
              • I
                Impatient
                last edited by

                @yahav02:

                SB can help???

                Date-Time Message
                10.12.2017 20:31:34 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
                10.12.2017 20:31:34 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
                10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
                10.12.2017 20:31:33 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
                10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
                10.12.2017 20:31:32 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
                10.12.2017 20:31:32 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
                10.12.2017 20:31:31 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
                10.12.2017 20:31:31 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204

                Those are normal.
                If I remember correctly that is the Request's from the client being sent to the C-ICAP and ClamAV.

                The Response is after it has been scanned by ClamAV and if a virus is found you will see a generate
                response page in the C-ICAP Server Table.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.